auth.go
package backplane
import "regexp"
// Authorization holds the access-control settings for the backplane: which
// certificate names may call it, and at which privilege level.
//
// Entries in Full and RO are regular expressions evaluated with regexp.Match,
// which reports a match when the pattern is found anywhere in the certname.
// Anchor each pattern with ^ and $ unless a substring match is intended, and
// avoid empty entries, since an empty pattern matches every certname.
//
// The zero value denies every caller: Insecure is false and both lists are
// empty.
type Authorization struct {
	// Insecure turns off all authorization checks: every caller is allowed
	// to perform every action, regardless of what Full and RO contain.
	Insecure bool `json:"insecure" yaml:"insecure"`

	// Full lists regular expressions for certnames that may perform
	// changes such as pause and resume.
	Full []string `json:"full" yaml:"full"`

	// RO lists regular expressions for certnames that may request
	// information from the service.
	RO []string `json:"read_only" yaml:"read_only"`
}
// ROAllowed reports whether the caller with certname c may use read-only
// actions.
//
// Access is granted when Insecure is set, when c qualifies for full access
// (full access implies read-only access), or when c matches any pattern in
// RO. The checks short-circuit in that order.
//
// NOTE(review): c is used as given; presumably the caller derives it from a
// verified client certificate. Confirm at the call site.
func (a *Authorization) ROAllowed(c string) bool {
	return a.Insecure || a.FullAllowed(c) || matchAnyRegex([]byte(c), a.RO)
}
// FullAllowed reports whether the caller with certname c may use every
// action, including ones that change state.
//
// Access is granted when Insecure is set or when c matches any pattern in
// Full.
//
// NOTE(review): c is used as given; presumably the caller derives it from a
// verified client certificate. Confirm at the call site.
func (a *Authorization) FullAllowed(c string) bool {
	return a.Insecure || matchAnyRegex([]byte(c), a.Full)
}
// matchAnyRegex reports whether str matches at least one pattern in regex.
//
// Every pattern is compiled on each call. A pattern that fails to compile is
// skipped, so a malformed entry never grants access, but the error is not
// reported either. Matching is unanchored: a pattern matches when it is found
// anywhere in str, and an empty pattern matches every input.
func matchAnyRegex(str []byte, regex []string) bool {
	for i := range regex {
		re, err := regexp.Compile(regex[i])
		if err != nil {
			// Invalid pattern: count it as "no match" and move on.
			continue
		}
		if re.Match(str) {
			return true
		}
	}
	return false
}